Accepting request 255752 from home:jsegitz:branches:devel:openSUSE:Factory

- Fixed buffer overflow and OOB access in shim trusted code path
  (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
  * added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
- Added new certificate by Microsoft

OBS-URL: https://build.opensuse.org/request/show/255752
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=88

bug-889332_shim-mok-oob.patch

@@ -0,0 +1,69 @@
+Index: shim-0.7.318.81ee561d/MokManager.c
+===================================================================
+--- shim-0.7.318.81ee561d.orig/MokManager.c
++++ shim-0.7.318.81ee561d/MokManager.c
+@@ -163,8 +163,18 @@ static UINT32 count_keys(void *Data, UIN
+ 	EFI_SIGNATURE_LIST *CertList = Data;
+ 	UINTN dbsize = DataSize;
+ 	UINT32 MokNum = 0;
++	void *end = Data + DataSize;
+ 
+ 	while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
++
++		/* Use ptr arithmetics to ensure bounded access. Do not allow 0
++		 * SignatureListSize that will cause endless loop.
++		 */
++		if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) {
++			console_notify(L"Invalid MOK detected! Ignoring MOK List.");
++			return 0;
++		}
++
+ 		if (CertList->SignatureListSize == 0 ||
+ 		    CertList->SignatureListSize <= CertList->SignatureSize) {
+ 			console_errorbox(L"Corrupted signature list");
+@@ -192,6 +202,7 @@ static MokListNode *build_mok_list(UINT3
+ 	EFI_GUID CertType = X509_GUID;
+ 	UINTN dbsize = DataSize;
+ 	UINTN count = 0;
++	void *end = Data + DataSize;
+ 
+ 	list = AllocatePool(sizeof(MokListNode) * num);
+ 
+@@ -201,12 +212,24 @@ static MokListNode *build_mok_list(UINT3
+ 	}
+ 
+ 	while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
++		/* CertList out of bounds? */
++		if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) {
++			FreePool(list);
++			return NULL;
++		}
++
+ 		/* Omit the signature check here since we already did it
+ 		   in count_keys() */
+ 
+ 		Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) +
+ 		  sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ 
++		/* Cert out of bounds? */
++		if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) {
++			FreePool(list);
++			return NULL;
++		}
++
+ 		list[count].Type = CertList->SignatureType;
+ 		if (CompareGuid (&CertList->SignatureType, &CertType) == 0) {
+ 			list[count].MokSize = CertList->SignatureSize -
+@@ -218,6 +241,12 @@ static MokListNode *build_mok_list(UINT3
+ 			list[count].Mok = (void *)Cert;
+ 		}
+ 
++		/* MOK out of bounds? */
++		if (list[count].MokSize > end - (void *)list[count].Mok) {
++			FreePool(list);
++			return NULL;
++		}
++
+ 		count++;
+ 		dbsize -= CertList->SignatureListSize;
+ 		CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList +

bug-889332_shim-overflow.patch

@@ -0,0 +1,161 @@
+diff --git a/netboot.c b/netboot.c
+index 5ef53f7..f01a9bc 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -116,29 +116,34 @@ BOOLEAN findNetboot(EFI_HANDLE device)
+ 
+ static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
+ {
+-	void *optr;
+-	EFI_DHCP6_PACKET_OPTION *option;
+-	CHAR8 *url;
+-	UINT32 urllen;
++	void *optr = NULL, *end = NULL;
++	EFI_DHCP6_PACKET_OPTION *option = NULL;
++	CHAR8 *url = NULL;
++	UINT32 urllen = 0;
+ 
+ 	optr = pkt->DhcpOptions;
++	end = optr + sizeof(pkt->DhcpOptions);
+ 
+-	for(;;) {
++	for (;;) {
+ 		option = (EFI_DHCP6_PACKET_OPTION *)optr;
+ 
+ 		if (ntohs(option->OpCode) == 0)
+-			return NULL;
++			break;
+ 
+ 		if (ntohs(option->OpCode) == 59) {
+ 			/* This is the bootfile url option */
+ 			urllen = ntohs(option->Length);
+-			url = AllocateZeroPool(urllen+1);
++			if ((void *)(option->Data + urllen) > end)
++				break;
++			url = AllocateZeroPool(urllen + 1);
+ 			if (!url)
+-				return NULL;
++				break;
+ 			memcpy(url, option->Data, urllen);
+ 			return url;
+ 		}
+ 		optr += 4 + ntohs(option->Length);
++		if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end)
++			break;
+ 	}
+ 
+ 	return NULL;
+@@ -164,45 +169,60 @@ static CHAR16 str2ns(CHAR8 *str)
+ 
+ static CHAR8 *str2ip6(CHAR8 *str)
+ {
+-        UINT8 i, j, p;
+-	size_t len;
+-        CHAR8 *a, *b, t;
+-        static UINT16 ip[8];
++	UINT8 i = 0, j = 0, p = 0;
++	size_t len = 0, dotcount = 0;
++	enum { MAX_IP6_DOTS = 7 };
++	CHAR8 *a = NULL, *b = NULL, t = 0;
++	static UINT16 ip[8];
+ 
+-        for(i=0; i < 8; i++) {
+-                ip[i] = 0;
+-        }
+-        len = strlen(str);
+-        a = b = str;
+-        for(i=p=0; i < len; i++, b++) {
+-                if (*b != ':')
+-                        continue;
+-                *b = '\0';
+-                ip[p++] = str2ns(a);
+-                *b = ':';
+-                a = b + 1;
+-                if ( *(b+1) == ':' )
+-                        break;
+-        }
+-        a = b = (str + len);
+-        for(j=len, p=7; j > i; j--, a--) {
+-                if (*a != ':')
+-                        continue;
+-                t = *b;
+-                *b = '\0';
+-                ip[p--] = str2ns(a+1);
+-                *b = t;
+-                b = a;
+-        }
+-        return (CHAR8 *)ip;
++	memset(ip, 0, sizeof(ip));
++
++	/* Count amount of ':' to prevent overflows.
++	 * max. count = 7. Returns an invalid ip6 that
++	 * can be checked against
++	 */
++	for (a = str; *a != 0; ++a) {
++		if (*a == ':')
++			++dotcount;
++	}
++	if (dotcount > MAX_IP6_DOTS)
++		return (CHAR8 *)ip;
++
++	len = strlen(str);
++	a = b = str;
++	for (i = p = 0; i < len; i++, b++) {
++		if (*b != ':')
++			continue;
++		*b = '\0';
++		ip[p++] = str2ns(a);
++		*b = ':';
++		a = b + 1;
++		if (b[1] == ':' )
++			break;
++	}
++	a = b = (str + len);
++	for (j = len, p = 7; j > i; j--, a--) {
++		if (*a != ':')
++			continue;
++		t = *b;
++		*b = '\0';
++		ip[p--] = str2ns(a+1);
++		*b = t;
++		b = a;
++	}
++	return (CHAR8 *)ip;
+ }
+ 
+ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ {
+ 	CHAR8 *start, *end;
+ 	CHAR8 ip6str[40];
++	CHAR8 ip6inv[16];
+ 	CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+ 
++	// to check against str2ip6() errors
++	memset(ip6inv, 0, sizeof(ip6inv));
++
+ 	if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
+ 		Print(L"URLS MUST START WITH tftp://\n");
+ 		return FALSE;
+@@ -217,7 +237,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ 	end = start;
+ 	while ((*end != '\0') && (*end != ']')) {
+ 		end++;
+-		if (end - start > 39) {
++		if (end - start >= (int)sizeof(ip6str)) {
+ 			Print(L"TFTP URL includes malformed IPv6 address\n");
+ 			return FALSE;
+ 		}
+@@ -226,10 +246,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ 		Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
+ 		return FALSE;
+ 	}
+-	memset(ip6str, 0, 40);
++	memset(ip6str, 0, sizeof(ip6str));
+ 	memcpy(ip6str, start, end - start);
+ 	end++;
+ 	memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
++	if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0)
++		return FALSE;
+ 	full_path = AllocateZeroPool(strlen(end)+strlen(template)+1);
+ 	if (!full_path)
+ 		return FALSE;

shim.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Oct 13 13:09:14 UTC 2014 - jsegitz@novell.com
+
+- Fixed buffer overflow and OOB access in shim trusted code path
+  (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
+  * added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
+- Added new certificate by Microsoft
+
 -------------------------------------------------------------------
 Wed Sep  3 12:32:25 UTC 2014 - lnussel@suse.de
 

shim.spec

@@ -56,6 +56,10 @@ Patch4:         shim-mokmanager-support-sha-family.patch
 Patch5:         shim-signed-unsigned-compares.patch
 # PATCH-FIX-UPSTREAM shim-update-openssl-0.9.8zb.patch glin@suse.com -- Update openssl to 0.9.8zb
 Patch6:         shim-update-openssl-0.9.8zb.patch
+# PATCH-FIX-UPSTREAM bug-889332_shim-overflow.patch krahmer@suse.com -- patch for overflow issue.
+Patch7:         bug-889332_shim-overflow.patch
+# PATCH-FIX-UPSTREAM bug-889332_shim-mok-oob.patch krahmer@suse.com -- patch for MOK OOB access.
+Patch8:         bug-889332_shim-mok-oob.patch
 # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
 Patch100:       shim-opensuse-cert-prompt.patch
 BuildRequires:  gnu-efi >= 3.0t
@@ -87,6 +91,8 @@ Authors:
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 %patch100 -p1
 
 %build

signature-opensuse.asc

@@ -1,11 +1,11 @@
-hash: bdd01126e9d85710d3fe75af1cc1702a29f081b4f6fdf6a2b2135c0297a9cec5
+hash: be435df7cd28aa2a7c8db4fc8173475b77e5abf392f76b7c76fa3f698cb71a9a
 # 2069-04-10 06:07:54
 timestamp: babababa
-checksum: ff45
+checksum: ee96
 -----BEGIN AUTHENTICODE SIGNATURE-----
-MIIh3AYJKoZIhvcNAQcCoIIhzTCCIckCAQExDzANBglghkgBZQMEAgEFADBcBgor
+MIIh2QYJKoZIhvcNAQcCoIIhyjCCIcYCAQExDzANBglghkgBZQMEAgEFADBcBgor
 BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
-ZQMEAgEFAAQgvdARJunYVxDT/nWvHMFwKinwgbT2/faishNcApepzsWgggs8MIIF
+ZQMEAgEFAAQgvkNd980oqip8jbT8gXNHW3flq/OS92t8dvo/aYy3Gpqgggs8MIIF
 JDCCBAygAwIBAgITMwAAAApmQvP0n7c3lgABAAAACjANBgkqhkiG9w0BAQsFADCB
 gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
 ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
@@ -65,31 +65,31 @@ HYw9Rw5EpuSwmzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6Q
 I7UvXo9QhY3GjYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJy
 lYaw8TVhahn1sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpc
 Aj/lluOFWzw+P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79An
-oKBZN2D4OJS44Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghYTMIIW
+oKBZN2D4OJS44Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghYQMIIW
-DwIBATCBmTCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
+DAIBATCBmTCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
 BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEr
 MCkGA1UEAxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAA
 AApmQvP0n7c3lgABAAAACjANBglghkgBZQMEAgEFAKCCAREwGQYJKoZIhvcNAQkD
 MQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJ
-KoZIhvcNAQkEMSIEIKOfDrPjsHj5IpbLDH/emIN2ujjTNjWxi+JiBMeM1lejMIGk
+KoZIhvcNAQkEMSIEIH8k1QzoaOGI7RKFvmbvflQd2+npQctwEZe5x8YjIvvQMIGk
 BgorBgEEAYI3AgEMMYGVMIGSoF6AXABoAHQAdABwADoALwAvAHcAdwB3AC4AbQBp
 AGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAHcAaABkAGMALwBoAGMAbAAvAGQAZQBm
 AGEAdQBsAHQALgBtAHMAcAB4oTCALmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS93
-aGRjL2hjbC9kZWZhdWx0Lm1zcHgwDQYJKoZIhvcNAQEBBQAEggEAThlP7UGIWeaL
+aGRjL2hjbC9kZWZhdWx0Lm1zcHgwDQYJKoZIhvcNAQEBBQAEggEAHJkR2IJxl5GE
-wSgeXtn8Whnj2NuB/+fBohdlEmuU4oOJsKt07jxVrzXWHO0/znARfCMhsqGnwQq6
+ftK0A1yP8Iy4hL30Fc1gsWa37MpcCBtVW2LgzVQ3ZiPfiliQ3/PUWUrWYgY0+KFF
-IU45DSbqHiBsPS2bucCmygVJZjS+lYUY0o1OSiAOgkcOb3byqbOhFx+yU4jyi1I6
+pi+nfLDIFRf2BBQCl6TLiBSlzCMmdy4d8v53dkWuxsKbwabRSNHhmFe2rjDkbgOf
-vZsetJf0VIB/50CUDWw/jgC29MS5uLKPbljn6Gav6BmWkbzR7g7e44QInagtQsEm
+65dCa3F1JDEAIsPN7I0OOWrwWPX4mOF2lOfWk198m2Hcc1DOoenDXJAy2B8iCHtQ
-kxI4FaHRkaKnkTtrJZ2htMCGJUEm83iyEaFB1jfwE+eSVilltwZeUiM8cm5jSIeZ
+B607QuKZpWPLuhkjiJcceGhyX6LqEUIm5RIhhINjtoVzvjv3xKENunU8MMbV8Bp5
-CWyF2+bOgaOyIk47XVZWI0683wwf43yftlRMsuySQuD7Vk4sKsRM87Nl1SszQSqI
+uQDIf6C7bMPqMRMPshzURESwcXK1klfWZ5a+bSojMbd+5a37x49Fy1qpFyJ7PZ+q
-murrQX0OHqGCEzUwghMxBgorBgEEAYI3AwMBMYITITCCEx0GCSqGSIb3DQEHAqCC
+DaKGK5QUXKGCEzIwghMuBgorBgEEAYI3AwMBMYITHjCCExoGCSqGSIb3DQEHAqCC
-Ew4wghMKAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggE1BgsqhkiG9w0BCRABBKCCASQE
+EwswghMHAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggE1BgsqhkiG9w0BCRABBKCCASQE
-ggEgMIIBHAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCBhVxDrnAE1
+ggEgMIIBHAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCDX3+3JKDpB
-Odf8YYCrsCpxqlspu1YwtY7Xj0HNqt+MlgIGU8faFW37GBMyMDE0MDgwMjAwMjcx
+nqCqpXqYaaP8IB6oYhVoGH1aOrhn2NGHBwIGVBrtfM7aGBMyMDE0MDkyNDE1NTkx
-My4yMzVaMAcCAQGAAgH0oIGxpIGuMIGrMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
+NS41ODVaMAcCAQGAAgH0oIGxpIGuMIGrMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
 V0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh
-dGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMx
+dGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOkJC
-QzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2
+RUMtMzBDQS0yREJFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2
-aWNloIIOwDCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAw
+aWNloIIOvTCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAw
 gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS
 ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMT
 KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEw
@@ -123,65 +123,65 @@ fYPw4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3ep
 gcunCaw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMu
 Ein1wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmK
 LxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu
-7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNIwggO6oAMCAQICEzMAAABP
+7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNIwggO6oAMCAQICEzMAAABQ
-rehUlVAolGcAAAAAAE8wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzAR
+ZzO71/vhFxoAAAAAAFAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
 Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh
-bXAgUENBIDIwMTAwHhcNMTQwNTIzMTcyMDA4WhcNMTUwODIzMTcyMDA4WjCBqzEL
+bXAgUENBIDIwMTAwHhcNMTQwNTIzMTcyMDA5WhcNMTUwODIzMTcyMDA5WjCBqzEL
 MAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD
 VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIxJzAlBgNV
-BAsTHm5DaXBoZXIgRFNFIEVTTjozMUM1LTMwQkEtN0M5MTElMCMGA1UEAxMcTWlj
+BAsTHm5DaXBoZXIgRFNFIEVTTjpCQkVDLTMwQ0EtMkRCRTElMCMGA1UEAxMcTWlj
 cm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKFVkneQwi1RLhVhgJoMVZY6JIU3jigasjbuZClciQzP0d0z9Ev8
+ADCCAQoCggEBAJEhjxO+q6WM252ntWKyoMJcVUKjwcITIIpviOgAlGana6vpyGUq
-mxS2T2+fdfVkWZWKQXeYmD5mejixNPhFpoQR0zWhpfNQe4XA7x4l8a48+P483uz3
+64TfinxqrYIewPts3MQx4HQ05m4Q8s/7D/Htz2Uk5XU3klY9+7exCA1WB++u7dA9
-7sMyBlYtYaQEnfBPmCqG/Wbr9cdH9QVx94F4NKVZFnSa/eEq3hDRLfqqiDmkRTN4
+8YKX0Sf+gTiw+Guw6H0kokwX4ADL7I+ejfiGGYOQx382pJcSwEqwOz2orleDr30N
-t+w8d3Yx41CVzx6TBgh6bE2km58m5YS/+54xLirgm44nHlmQCut58IGTZ6CArg/1
++/abfhb1gmvzNnQthTd6eCf8G2Gs6oA78lS3bajvwPv+DDX9e927oDO4wYF2aZJi
-g1cqGrFbMUZC/mhSgCA4uFNSRctPc56zSTBbsM5vP6PqOW6J8VWJICxREyBqg2gV
+lOkQArMD7vAbwH7ib6gasZoktwb8fRjDMjzAon9eq1SFlrON/8OH99kFC1BUiOgT
-Qp7JhZmczo+DtG+W3QyjPO8Thwx+mo3iFnkCAwEAAaOCARswggEXMB0GA1UdDgQW
+HUzftAFvVChVRGoQxc+hnfIJuNumVMo86RsCAwEAAaOCARswggEXMB0GA1UdDgQW
-BBQrpekQU9AS8xkbQCwKTRfMxEXJLjAfBgNVHSMEGDAWgBTVYzpcijGQ80N7fEYb
+BBQIBFn2oC+3IbRoBgG252aBsP1B2zAfBgNVHSMEGDAWgBTVYzpcijGQ80N7fEYb
 xTNoWoVtVTBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5j
 b20vcGtpL2NybC9wcm9kdWN0cy9NaWNUaW1TdGFQQ0FfMjAxMC0wNy0wMS5jcmww
 WgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29m
 dC5jb20vcGtpL2NlcnRzL01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNydDAMBgNV
 HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IB
-AQBhbgv5FjD4pzjfVhGhfk23Gom8Ip4kfRTobqi7up1JHBTWidiUVKwoszU9TPi+
+AQBeUPsfXveaA2srFUYG1UfpVOfxW9WXF3qeftvU6FdW2TfH+i3FV8jryywreT59
-PTuCNBDJgWuMIXNGcpXRTLTENDW9Maln6yp7zFUEtYGulWSFT9EGMLfjBTLoBl4M
+IBfCqy8Qe93c+Rb4nSwbQwt/nvft9HcBnC/YvXpcpTA587RxM22ypCDICnKNBk1p
-GxU8IDviiM6GuCy7vV0QbsNfeBZpo761j42sHJccu7LPTk8VD24W1diIEaCjePJW
+z4BTGOO+pNJkrDcfhNARDlYDJTFO6IKUHOgNVzPbrNH0HDCA1KUzvPYza2XEohaA
-FRBKidTcAQRHki0xDK4xYbN9GFncfhXaMlQn4TN/mRx6YBTELjiP1RH3rdW9I/NX
+MCmfR1hA12cSm6BsKMnRr3D6lGuJEeqTFM/0hJ1xARDZ5nQwwc9nggHHutnQIA8E
-0kXfCGth/BbVctp6rGRkK8NQaHkq9rXqt+C75sVwASx/JxMkXS1q+Rnwbilso9Rq
+vowp2uKbfgiEcFNYaPlHNW7ntNrNtG9RRZS57n7+3Mblh/6wij8g0blll3hCC5Gt
-LsiE9SszQjNKzc+rebhHpUELoYIDcTCCAlkCAQEwgduhgbGkga4wgasxCzAJBgNV
+k7lyZtb20wDYJ9USachQ+iSRoYIDbjCCAlYCAQEwgduhgbGkga4wgasxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV
 TWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5u
-Q2lwaGVyIERTRSBFU046MzFDNS0zMEJBLTdDOTExJTAjBgNVBAMTHE1pY3Jvc29m
+Q2lwaGVyIERTRSBFU046QkJFQy0zMENBLTJEQkUxJTAjBgNVBAMTHE1pY3Jvc29m
-dCBUaW1lLVN0YW1wIFNlcnZpY2WiJQoBATAJBgUrDgMCGgUAAxUAKLyR2kF+5obQ
+dCBUaW1lLVN0YW1wIFNlcnZpY2WiJQoBATAJBgUrDgMCGgUAAxUAMibb8Tfny12c
-k1yVhHi3u5xWWaqggcIwgb+kgbwwgbkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
+vCOQ33PvTJE7C8WggcIwgb+kgbwwgbkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
 YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
 Q29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIxJzAlBgNVBAsTHm5DaXBoZXIgTlRT
-IEVTTjpCMDI3LUM2RjgtMUQ4ODErMCkGA1UEAxMiTWljcm9zb2Z0IFRpbWUgU291
+IEVTTjo1N0Y2LUMxRTAtNTU0QzErMCkGA1UEAxMiTWljcm9zb2Z0IFRpbWUgU291
-cmNlIE1hc3RlciBDbG9jazANBgkqhkiG9w0BAQUFAAIFANeGrl0wIhgPMjAxNDA4
+cmNlIE1hc3RlciBDbG9jazANBgkqhkiG9w0BAQUFAAIFANfNNv4wIhgPMjAxNDA5
-MDIwMDI1MDFaGA8yMDE0MDgwMzAwMjUwMVowdzA9BgorBgEEAYRZCgQBMS8wLTAK
+MjQxMjI2MzhaGA8yMDE0MDkyNTEyMjYzOFowdDA6BgorBgEEAYRZCgQBMSwwKjAK
-AgUA14auXQIBADAKAgEAAgIJAAIB/zAHAgEAAgIYWjAKAgUA14f/3QIBADA2Bgor
+AgUA1802/gIBADAHAgEAAgIFPTAHAgEAAgIZTzAKAgUA186IfgIBADA2BgorBgEE
-BgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMBoAowCAIBAAIDFuNgoQowCAIBAAID
+AYRZCgQCMSgwJjAMBgorBgEEAYRZCgMBoAowCAIBAAIDFuNgoQowCAIBAAIDB6Eg
-B6EgMA0GCSqGSIb3DQEBBQUAA4IBAQCFCxo0b2hLnmf+xoh21SzjNvFsZm6WfCFc
+MA0GCSqGSIb3DQEBBQUAA4IBAQAjlr+7LVLV8T73EGRTlTW34BPMUq0sAh6cGR5b
-PlGAEgOqq1Dlp9KNsYik0tjif3xLKmMjM1sBE8JJ85c2iYDMm/y5PUyyM16zlojk
+R7MfoeDIgeRuqju83egmQYkDpFoYDRf7SHsi9/8VtdRa1djWIVwOGbo2S9W04B6I
-q4zwcJEiPzEzBPzKqtgGRvJElVY37BuowRCgbRv5gi6eKGiHObCFf0ElAwGNJydf
+kUJZVhTeVgKKp02LoigrPcIdvUbCImW3pPLE+5oS8nkibpRPL+VUkyZjNGDwqcRr
-DDxy7BmNS5/kPk926NxynXs1kdqPdUmyZmh/3wtm0w9S6+NIzfCXLp0kxCP3kPVv
+m1933vTfi7wPDahxuJg79Mx5IPftEit8tlGRkzZRftRvHxGYIOL9eEwfpnQ5xePK
-kEHTiPUj/ogu4DVvkbECmJyZwtjhlsEcr+VxT2PYNdQX+89UdreCR0deUXY7Y6WS
+2uf8BitbwllGniV1BOJtFCkVS46Rt/x/dBmlQd7oVpPOnHhqTBX1op3xjI+N/93X
-M1Zr7cVhFJAWjLPB8ciqG8WDmijJviFDp8e+7lrBCxZdRwXilBKiMYIC9TCCAvEC
+msnGanls8Y3/8+BkXs5NkigVrGNqiy424xWVhFRdRKADwd+CMYIC9TCCAvECAQEw
-AQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
+gZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
-BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG
+B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
-A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAABPrehUlVAo
+AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAABQZzO71/vhFxoA
-lGcAAAAAAE8wDQYJYIZIAWUDBAIBBQCgggEyMBoGCSqGSIb3DQEJAzENBgsqhkiG
+AAAAAFAwDQYJYIZIAWUDBAIBBQCgggEyMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0B
-9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg2Fdy/47bukVF9tAPO8fA4meI/cXYbmn7
+CRABBDAvBgkqhkiG9w0BCQQxIgQgipcVbZMN5q/tvhNA5uFl75KiSkhlJO+gE53r
-z135MrP1QSowgeIGCyqGSIb3DQEJEAIMMYHSMIHPMIHMMIGxBBQovJHaQX7mhtCT
+G0I83aAwgeIGCyqGSIb3DQEJEAIMMYHSMIHPMIHMMIGxBBQyJtvxN+fLXZy8I5Df
-XJWEeLe7nFZZqjCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
+c+9MkTsLxTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n
-aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y
+dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y
-cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw
+YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMz
-AhMzAAAAT63oVJVQKJRnAAAAAABPMBYEFCYplGRrdF2iEXIxRDr2Yo/nmNd0MA0G
+AAAAUGczu9f74RcaAAAAAABQMBYEFIrVwV/mRE/CM8XDaIYkRLS4deD7MA0GCSqG
-CSqGSIb3DQEBCwUABIIBAIUNbJ8A82Vn/zft6B33oO5uQqRZcSD6zqqM3z7a/Tb2
+SIb3DQEBCwUABIIBADb96TT37ulMALmrrCuKtnpd4ReAFGcpLa2KCNrFv/SfjmDc
-VLnhWYmDjxsLesS8kXcSZKv5MBVBA01FQQaL6jEwkjRx/qYM8ly6qthXGsgN0WoE
+5lGMLSR1qjSH/WR3IF9mnwXJEeuDoAKj/TBAWPLYudzvjoRtmEckXiCsqHqTfgWW
-vXKnOPjJ40Iz03g/AlMHzs2lI9hYWw/iaArpzdiCgD0qeOt12K+HANTEm3azsDWr
+ucFrW/kgALfXY6ExM1W+YYZDkRytHm6y9Iym9vlb62q5D55B0Nd1HVxzkXdF4Ivr
-d7F/rUlHOQJxbCkxuMhpN8kFcV8qtgiVJ5jYna6AlOEDOL0E7Z15Tesid2ZjJn/5
+VUeUdBiicV2IRg0GlGjJZWbSsw42A6TACQdlNJW0ysHsE0cVfxk8SUfUUrydS//1
-/hrND9ZCeYcgROjy154VnT0a0zEWaiN6Rp8xqYYGSnLiXZAZPMtHNkXAIRUy34ut
+MYe6xv2B8dOODqmxWTjHoetvthNqZPK5NZUGv7VG3E6qnhfr4F1wvrmy5b4ASTYw
-XgbI8J3rkmRK1vZYNa4dHD7X/7cohNa9/XZZi4Usn8k=
+QOqkkUGXMCcnWDlmSzaw7FlmfdqsFHbRKVVGwlsAAAA=
 -----END AUTHENTICODE SIGNATURE-----